Can't update repos due to signing problems

Unlinking. This bug is a different, unknown error:

po/it.po-msgid "Unknown error executing apt-key"
po/it.po:msgstr "Errore sconosciuto durante l'esecuzione di apt-key"

Status changed to 'Confirmed' because the bug affects multiple users.

I can confirm the problem appearing out of nowhere on Ubuntu 16.04 (upgraded from 14.04). I attached the output from 'apt-get update' and 'apt-key list'. Feel free to ask for additional detail.

I can confirm the problem in the same form as appeared to Christian Doczkal (thyrus).

I added the Ubuntu package signing keys to my personal key chain. Afterwards I can verify the the signatures on the lists downloaded by 'apt-get update', e.g.

$ LANG=C gpg --verify /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_Release
gpg: Signature made Fri Oct 21 09:32:24 2016 CEST using DSA key ID 437D05B5
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5
gpg: Signature made Fri Oct 21 09:32:24 2016 CEST using RSA key ID C0B21F32
gpg: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32

So the error message of apt:

W: The repository 'http://archive.ubuntu.com/ubuntu xenial-updates InRelease' is not signed.

appears to be wrong. The problem appears to be that apt is unable to recognize/check the perfectly good signature on the downloaded files. Is there any way to debug the signature verification process?

Probably solved by following the suggestions at https://gist.github.com/piersharding/ffc505564a82daaf6ff33d951f568dad

In /etc/apt I moved trusted.gpg* in a backup directory and runned "sudo apt-key update".
After that I runned "sudo apt-get update": it gave no error or warnings, but apparently it did not accomplish the update.

On the contrary, the Software Updater on the GUI made the whole work without any error and correctly updated the system (at least, it seems so).

I can confirm that removing /etc/apt/trusted.gpg* and then running "sudo apt-key update" to regenerate the trust store from the one stored in the package resolves the issue. I could even copy back the entries from /etc/apt/trusted.gpg.d.

It still might be worthwhile to find out what caused the apparent corruption of "/etc/apt/trusted.gpg".

Great, thanks for the update.

Il Mer 30 Nov 2016, 18:45 Christian Doczkal <email address hidden> ha scritto:

> I can confirm that removing /etc/apt/trusted.gpg* and then running "sudo
> apt-key update" to regenerate the trust store from the one stored in the
> package resolves the issue. I could even copy back the entries from
> /etc/apt/trusted.gpg.d.
>
> It still might be worthwhile to find out what caused the apparent
> corruption of "/etc/apt/trusted.gpg".
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1592040
>
> Title:
> Can't update repos due to signing problems
>
> Status in apt package in Ubuntu:
> Confirmed
>
> Bug description:
> I can't update the repos through 'sudo apt-get update' due to these
> errors:
>
> W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial InRelease:
> Errore sconosciuto durante l'esecuzione di apt-key
> W: The repository 'http://archive.ubuntu.com/ubuntu xenial InRelease'
> is not signed.
> N: Data from such a repository can't be authenticated and is therefore
> potentially dangerous to use.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
> W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial-updates
> InRelease: Errore sconosciuto durante l'esecuzione di apt-key
> W: The repository 'http://archive.ubuntu.com/ubuntu xenial-updates
> InRelease' is not signed.
> N: Data from such a repository can't be authenticated and is therefore
> potentially dangerous to use.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
> W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial-backports
> InRelease: Errore sconosciuto durante l'esecuzione di apt-key
> W: The repository 'http://archive.ubuntu.com/ubuntu xenial-backports
> InRelease' is not signed.
> N: Data from such a repository can't be authenticated and is therefore
> potentially dangerous to use.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
> W: Errore GPG: http://archive.ubuntu.com/ubuntu xenial-security
> InRelease: Errore sconosciuto durante l'esecuzione di apt-key
> W: The repository 'http://archive.ubuntu.com/ubuntu xenial-security
> InRelease' is not signed.
> N: Data from such a repository can't be authenticated and is therefore
> potentially dangerous to use.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
>
> The /etc/apt/sources.list contains only the official Ubuntu repo since
> it's untouched from a clean 16.04 install.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1592040/+subscriptions
>
--
Francesco Tortorella
via Orilia, 6
Cava de' Tirreni (SA)

Italy